class R509::Cert::Extensions::SubjectAlternativeName

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate. Defined options include an Internet electronic mail address, a DNS name, an IP address, and a Uniform Resource Identifier (URI). Other options exist, including completely local definitions. Multiple name forms, and multiple instances of each name form, MAY be included. Whenever such identities are to be bound into a certificate, the subject alternative name (or issuer alternative name) extension MUST be used; however, a DNS name MAY also be represented in the subject field using the domainComponent attribute as described in Section 4.1.2.4. Note that where such names are represented in the subject field implementations are not required to convert them into DNS names.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.

Constants

OID

friendly name for SAN OID

Attributes

general_names[R]

@return [R509::ASN1::GeneralNames]

Public Class Methods

new(arg) click to toggle source

This method takes a hash or an existing Extension object to parse

@option arg :value [Array,R509::ASN1::GeneralNames] If you supply an Array

it must contain hashes in the standard GeneralName format (:type and :value).
You can also pass a pre-existing GeneralNames object

@option arg :critical [Boolean] (false)

Calls superclass method
# File lib/r509/cert/extensions/subject_alternative_name.rb, line 43
def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end
  super(arg)
  parse_extension
end

Public Instance Methods

to_h() click to toggle source

@return [Hash]

# File lib/r509/cert/extensions/subject_alternative_name.rb, line 52
def to_h
  { :critical => self.critical?, :value => @general_names.to_h }
end
to_yaml() click to toggle source

@return [YAML]

# File lib/r509/cert/extensions/subject_alternative_name.rb, line 57
def to_yaml
  self.to_h.to_yaml
end

Private Instance Methods

build_extension(arg) click to toggle source
# File lib/r509/cert/extensions/subject_alternative_name.rb, line 71
def build_extension(arg)
  validate_subject_alternative_name(arg)
  serialize = R509::ASN1::GeneralNames.new(arg[:value]).serialize_names
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.config = OpenSSL::Config.parse(serialize[:conf])
  critical = R509::Cert::Extensions.calculate_critical(arg[:critical], false)
  ef.create_extension("subjectAltName", serialize[:extension_string], critical)
end
parse_extension() click to toggle source
# File lib/r509/cert/extensions/subject_alternative_name.rb, line 63
def parse_extension
  data = R509::ASN1.get_extension_payload(self)
  @general_names = R509::ASN1::GeneralNames.new
  data.entries.each do |gn|
    @general_names.add_item(gn)
  end
end
validate_subject_alternative_name(san) click to toggle source
# File lib/r509/cert/extensions/subject_alternative_name.rb, line 80
def validate_subject_alternative_name(san)
  if !san.is_a?(Hash) || !(san[:value].is_a?(R509::ASN1::GeneralNames) || san[:value].is_a?(Array))
    raise ArgumentError, "You must supply a hash with a :value"
  end
  validate_general_name_hash_array(san[:value])
end